XSEDE / oauth-ssh

SSH with Globus Auth
Apache License 2.0

Unexpected auth response not handled properly #58

Closed JasonAlt closed 4 years ago

JasonAlt commented 4 years ago

Offending line oauth_ssh_config.py line 90

/usr/sbin/oauth-ssh-config register abc.foo.org
Traceback (most recent call last):
  File "/usr/sbin/oauth-ssh-config", line 9, in <module>
    load_entry_point('oauth-ssh-config==0.9', 'console_scripts', 'oauth-ssh-config')()
  File "/usr/lib/python2.7/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python2.7/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python2.7/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python2.7/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/oauth_ssh_config/oauth_ssh_config.py", line 158, in register
    print_friendly_auth_err_msg(r)
  File "/usr/lib/python2.7/site-packages/oauth_ssh_config/oauth_ssh_config.py", line 90, in print_friendly_auth_err_msg
    errors = auth_reply.json()['errors'][0]
KeyError: 'errors'

JasonAlt commented 4 years ago

There's a fix in branch issues/58 that needs verifying. Follow these instructions:

git clone https://github.com/xsede/oauth-ssh.git
cd oauth-ssh/
git checkout issue/58
sudo python ./server/src/config/oauth_ssh_config/oauth_ssh_config.py register <insert_fqdn>

tscollins-nygc commented 4 years ago

That seems to have taken care of it:

[root@www oauth-ssh]# python ./server/src/config/oauth_ssh_config/oauth_ssh_config.py register www.tscwork.net
Success

Going to continue with the next steps of the documentation and 'Configure SSHD to use PAM' & 'Configure PAM to use Oauth SSH'.

Just one comment I would like to make is the use of FQDN isn't always the best when just trying to test/evaluate and it would be much simpler if an external IP could be used.

JasonAlt commented 4 years ago

The fix should have displayed the error that was crashing the config program. So it looks like whatever issue you had was transient. Still, the change is good so I'll merge it.

I agree that FQDN registration is simple. But the authorization model would not allow scopes based on IP address. Perhaps we could do it based on the SSH service client UUID, but only as a testing or temporary thing because it is not very user friendly either.
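
A defensive version of the lookup that raised the KeyError in the traceback above, as an added example that is not the project's code and not the fix from the issue branch. The name `friendly_auth_err_msg`, the `FakeReply` stand-in and the sample reply bodies in the comments are constructed; the `detail`/`title`/`code` fields and the `error`/`error_description` shape are assumptions about what an auth service may return.

```python
import json


class FakeReply(object):
    """Constructed stand-in for an HTTP reply (status_code, text, json())."""

    def __init__(self, status_code, text):
        self.status_code = status_code
        self.text = text

    def json(self):
        return json.loads(self.text)


def friendly_auth_err_msg(auth_reply, max_body=200):
    """Describe a failed auth reply without assuming its shape (hypothetical helper)."""
    prefix = "HTTP %s: " % auth_reply.status_code
    try:
        body = auth_reply.json()
    except ValueError:  # body is not JSON, e.g. an HTML page from a proxy
        body = None
    if isinstance(body, dict):
        errors = body.get("errors")
        # The shape the crashing line expected: {"errors": [{...}, ...]}
        if isinstance(errors, list) and errors and isinstance(errors[0], dict):
            first = errors[0]
            detail = first.get("detail") or first.get("title") or first.get("code")
            if detail:
                return prefix + str(detail)
        # Assumed alternative shape: {"error": ..., "error_description": ...}
        if "error" in body:
            return prefix + str(body.get("error_description") or body["error"])
    # Unknown shape: report a bounded, whitespace-collapsed excerpt of the
    # untrusted body instead of raising, so the operator sees what came back.
    excerpt = " ".join((auth_reply.text or "").split())[:max_body]
    return prefix + "unexpected response: " + (excerpt or "<empty body>")


if __name__ == "__main__":
    # Constructed reply with no 'errors' key, the case behind the KeyError.
    print(friendly_auth_err_msg(FakeReply(403, '{"message": "Forbidden"}')))
```
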